CVE-2023-47562 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47562
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: Photo Station 6.4.2 (2023/12/15) y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-47561 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47561
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: Photo Station 6.4.2 (2023/12/15) y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-27593 – QNAP Photo Station Externally Controlled Reference Vulnerability
https://notcve.org/view.php?id=CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de recursos de referencia controlada externamente afecta al QNAP NAS que ejecuta Photo Station. Si se explota, esto podría permitir a un atacante modificar los archivos del sistema. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS versiones 5.0.1: Photo Station versiones 6.1.2 y posteriores QTS versiones 5.0.0/4.5.x: Photo Station versiones 6.0.22 y posteriores QTS versiones 4.3.6: Photo Station versiones 5.7.18 y posteriores QTS versiones 4.3.3: Photo Station versiones 5.4.15 y posteriores QTS versiones 4.2.6: Photo Station versiones 5.2.14 y posteriores Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2021-44057 – Improper authentication in Photo Station
https://notcve.org/view.php?id=CVE-2021-44057
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del sistema. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.20 ( 15/02/2022 ) y posteriores Photo Station 5.7.16 ( 11/02/2022 ) y posteriores Photo Station 5.4.13 ( 11/02/2022 ) y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-15 • CWE-287: Improper Authentication •
CVE-2021-34356 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34356
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •